"Mooney, Sean K" <sean.k.moo...@intel.com> writes:

>> -----Original Message-----
>> From: dev [mailto:dev-boun...@openvswitch.org] On Behalf Of Aaron Conole
>> Sent: Saturday, August 20, 2016 12:48 AM
>> To: dev@openvswitch.org; Ben Pfaff <b...@ovn.org>; Daniele Di Proietto
>> <diproiet...@vmware.com>
>> Subject: [ovs-dev] [PATCH v4 3/3] netdev-dpdk: Support user-defined
>> socket attribs
>> 
>> Currently, when vhost-user server socket devices are created, they inherit
>> the running umask and uid/gid of the vswitchd process. This leads to
>> difficulties when using vhost_user consumers (such as qemu).
>> 
>> This patch introduces two new database entries, 'vhost-sock-owner' to set the
>> ownership, and 'vhost-sock-perms' to set the permissions bits for all
>> vhost_user server sockets.
> [Mooney, Sean K] Will they default to the user and group of the vswitchd
> process if not set to maintain backwards compatibility?

If the values are unset, then the socket will inherit its permissions
and ownership from the umask and effective user/group IDs.  This is the
same behavior as without this patch.

>> Signed-off-by: Aaron Conole <acon...@redhat.com>
>> ---
>> v3->v4:
>> * Rebased on upstream, the dev->vhost_id had to move to dev->vhost_server_id
>> 
>>  INSTALL.DPDK.md      |  8 ++++++++
>>  lib/netdev-dpdk.c    | 37 +++++++++++++++++++++++++++++++++++++
>>  vswitchd/vswitch.xml | 23 +++++++++++++++++++++++
>>  3 files changed, 68 insertions(+)
>> 
>> diff --git a/INSTALL.DPDK.md b/INSTALL.DPDK.md index 30e9258..93bc380 100644
>> --- a/INSTALL.DPDK.md
>> +++ b/INSTALL.DPDK.md
>> @@ -223,6 +223,14 @@ advanced install guide [INSTALL.DPDK-ADVANCED.md]
>>       * vhost-sock-dir
>>       Option to set the path to the vhost_user unix socket files.
>> 
>> +     * vhost-sock-owner
>> +     Option to set the file-system ownership of the vhost_user unix socket
>> +     files.
>> +
>> +     * vhost-sock-dir
>> +     Option to set the file-system permissions of the vhost_user unix socket
>> +     files.
>> +
>>       NOTE: Changing any of these options requires restarting the 
>> ovs-vswitchd
>>       application.
>> 
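Review bot: the second bullet added in this hunk is labelled `vhost-sock-dir` again, but its text describes the permissions option. The key read in lib/netdev-dpdk.c and documented in vswitch.xml is `vhost-sock-perms`, so the heading should be `* vhost-sock-perms`. It would also help to state the accepted form here (the chown and chmod syntax that vswitch.xml refers to) so the install guide stands on its own.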
>> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index 6d334db..6cac2ea 
>> 100644
>> --- a/lib/netdev-dpdk.c
>> +++ b/lib/netdev-dpdk.c
>> @@ -31,6 +31,7 @@
>>  #include <sys/stat.h>
>>  #include <getopt.h>
>> 
>> +#include "chutil.h"
>>  #include "dirs.h"
>>  #include "dp-packet.h"
>>  #include "dpif-netdev.h"
>> @@ -141,6 +142,10 @@ BUILD_ASSERT_DECL((MAX_NB_MBUF /
>> ROUND_DOWN_POW2(MAX_NB_MBUF/MIN_NB_MBUF))
>>                                            * yet mapped to another queue. */
>> 
>>  static char *vhost_sock_dir = NULL;   /* Location of vhost-user sockets */
>> +static char *vhost_sock_def_owner = NULL; /* Default owner of vhost-user
>> +                                           * sockets */ static char
>> +*vhost_sock_def_perms = NULL; /* Default permissions of
>> +                                           * vhost-user sockets */
>> 
>>  #define VHOST_ENQ_RETRY_NUM 8
>>  #define IF_NAME_SZ (PATH_MAX > IFNAMSIZ ? PATH_MAX : IFNAMSIZ) @@ -
>> 889,6 +894,30 @@ get_vhost_id(struct netdev_dpdk *dev)  }
>> 
>>  static int
>> +vhost_set_permissions(struct netdev_dpdk *dev) OVS_REQUIRES(dpdk_mutex)
>> +{
>> +    int err = 0;
>> +
>> +    /* ovs_kchown and ovs_kchmod are robust enough to deal with null or
>> +     * empty strings.  However, since they have the potential to race,
>> +     * only attempt them if the user actually requested a change. */
>> +
>> +    if (vhost_sock_def_owner &&
>> +        (err = ovs_kchown(dev->vhost_server_id, vhost_sock_def_owner))) {
>> +        VLOG_ERR("dpdk: vhost-user socket (%s) ownership change failed 
>> (%s).",
>> +                 dev->vhost_server_id, ovs_strerror(err));
>> +    }
>> +
>> +    if (!err && vhost_sock_def_perms &&
>> +        (err = ovs_kchmod(dev->vhost_server_id, vhost_sock_def_perms))) {
>> +        VLOG_ERR("dpdk: vhost-user socket (%s) permissions failed (%s).",
>> +                 dev->vhost_server_id, ovs_strerror(err));
>> +    }
>> +    return err;
>> +}
>> +
>> +
>> +static int
>>  netdev_dpdk_vhost_construct(struct netdev *netdev)  {
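Review bot: vhost_set_permissions() changes ownership and mode by path (dev->vhost_server_id), and its own comment concedes that ovs_kchown() and ovs_kchmod() can race without saying what the race is. Per the commit message the socket is created with the inherited umask and uid/gid, so until both calls complete it is reachable under those attributes, and a chown that succeeds followed by a chmod that fails leaves it with the new owner and the old mode. Please spell out the race in the comment and why it is acceptable, or create the socket under a restrictive umask so the follow-up calls only ever widen access. Minor: the second log message says "permissions failed" where the first says "ownership change failed"; "permissions change failed" would match.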
>>      struct netdev_dpdk *dev = netdev_dpdk_cast(netdev); @@ -932,10 +961,14 
>> @@
>> netdev_dpdk_vhost_construct(struct netdev *netdev)
>>          err = netdev_dpdk_init(netdev, -1, DPDK_DEV_VHOST);
>>      }
>> 
>> +    if (!err) {
>> +        err = vhost_set_permissions(dev);
>> +    }
>>      ovs_mutex_unlock(&dpdk_mutex);
>>      return err;
>>  }
>> 
>> +
>>  static int
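Review bot: in netdev_dpdk_vhost_construct(), an error from vhost_set_permissions() is returned as the construct error after netdev_dpdk_init() has already succeeded, and nothing in the visible lines undoes that init or removes the socket. Either unwind on this path, or decide that an attribute failure is only logged and does not fail construction, and say which in a comment. The lone `+` blank line added before netdev_dpdk_construct() is unrelated whitespace and can be dropped.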
>>  netdev_dpdk_construct(struct netdev *netdev)  { @@ -3363,6 +3396,10 @@
>> dpdk_init__(const struct smap *ovs_other_config)
>>      } else {
>>          vhost_sock_dir = sock_dir_subcomponent;
>>      }
>> +    process_vhost_flags("vhost-sock-owner", NULL, NAME_MAX, 
>> ovs_other_config,
>> +                        &vhost_sock_def_owner);
>> +    process_vhost_flags("vhost-sock-perms", NULL, NAME_MAX, 
>> ovs_other_config,
>> +                        &vhost_sock_def_perms);
>> 
>>      argv = grow_argv(&argv, 0, 1);
>>      argc = 1;
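Review bot: both process_vhost_flags() calls pass NAME_MAX as the size bound, but NAME_MAX is a file-name length limit and neither a chown-style owner spec nor a chmod-style mode string is a file name; a dedicated constant would make the intent clear. Nothing in this hunk validates the two strings either, so a malformed value would only be reported by the VLOG_ERR calls in vhost_set_permissions() each time a socket is constructed. Checking the values once in dpdk_init__() and logging there would surface the error where it was configured.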
>> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index 
>> 69b5592..257edd8
>> 100644
>> --- a/vswitchd/vswitch.xml
>> +++ b/vswitchd/vswitch.xml
>> @@ -299,6 +299,29 @@
>>          </p>
>>        </column>
>> 
>> +      <column name="other_config" key="vhost-sock-owner"
>> +              type='{"type": "string"}'>
>> +        <p>
>> +          Specifies the owner of the vhost-user unix domain socket files.
>> +        </p>
>> +        <p>
>> +          The default is to inherit from the running user and group id's. 
>> The
>> +          argument is specified in the same form as the 'chown' unix 
>> utility.
>> +        </p>
>> +      </column>
>> +
>> +      <column name="other_config" key="vhost-sock-perms"
>> +              type='{"type": "string"}'>
>> +        <p>
>> +          Specifies the permissions for the vhost-user unix domain socket
>> +          files.
>> +        </p>
>> +        <p>
>> +          The default is derived from the running mask. The argument is
>> +          specified in the same form as the 'chmod' unix utility.
>> +        </p>
>> +      </column>
>> +
>>        <column name="other_config" key="n-handler-threads"
>>                type='{"type": "integer", "minInteger": 1}'>
>>          <p>
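Review bot: the vhost-sock-perms entry says the default is "derived from the running mask"; "the umask of the ovs-vswitchd process" is the term the commit message uses and is what an administrator will search for. Neither new entry says that the value applies to all vhost-user server sockets or that, per the note in INSTALL.DPDK.md, changing it requires restarting ovs-vswitchd. An example value for each key would make "same form as chown/chmod" concrete.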
>> --
>> 2.5.5
>> 
>> _______________________________________________
>> dev mailing list
>> dev@openvswitch.org
>> http://openvswitch.org/mailman/listinfo/dev
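The default described in the reply above (mode taken from the umask) and the ordering issue behind the patch's race comment, as an added example that is not code from the patch or from OVS: a unix socket gets 0777 & ~umask at bind(), so binding under a tight umask and then changing the mode never exposes the socket with more access than requested. The function name `socket_mode`, the temporary directory and `vhost0.sock` are constructed for the illustration.

```c
#define _DEFAULT_SOURCE                 /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a unix socket in a fresh temporary directory (constructed path, not an
 * OVS one) with umask `mask` in force.  Returns the permission bits right
 * after bind() when `want` is 0, otherwise the bits after a follow-up
 * chmod(path, want); -1 on any failure. */
static int
socket_mode(mode_t mask, mode_t want)
{
    char dir[] = "/tmp/vhost-demo-XXXXXX";
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct stat st;
    int mode = -1;

    if (!mkdtemp(dir)) {
        return -1;
    }
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/vhost0.sock", dir);

    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    mode_t saved = umask(mask);         /* umask is process-wide */
    int bound = fd >= 0 && bind(fd, (struct sockaddr *) &sa, sizeof sa) == 0;
    umask(saved);

    if (bound && (!want || chmod(sa.sun_path, want) == 0)
        && stat(sa.sun_path, &st) == 0) {
        mode = st.st_mode & 07777;
    }
    if (fd >= 0) {
        close(fd);
    }
    unlink(sa.sun_path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("umask 022, no chmod:     %04o\n", socket_mode(022, 0));
    printf("umask 077, before chmod: %04o\n", socket_mode(077, 0));
    printf("umask 077, chmod 0660:   %04o\n", socket_mode(077, 0660));
    return 0;
}
```
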